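# NixOS module for the primary "admin" account: login credentials, SSH access,
# sops-managed secrets, home persistence and the home-manager entry point.
{
  pkgs,
  inputs,
  config,
  lib,
  ...
}: let
  username = "admin";
  # Every file found under ../keys (recursively) is read and installed as an
  # authorized SSH key for a wheel account, so that directory must contain
  # nothing but reviewed public keys.
  pubKeys = lib.filesystem.listFilesRecursive ../keys;
  hostname = config.networking.hostName;
  sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
  secretsDirectory = builtins.toString inputs.nix-secrets;
  secretsFile = "${secretsDirectory}/secrets.yaml";
in {
  users.users.${username} = {
    isNormalUser = true;
    shell = pkgs.zsh;
    # The password hash is supplied by sops at activation time rather than
    # being written into the (world-readable) Nix store.
    hashedPasswordFile = sopsHashedPasswordFile;
    openssh.authorizedKeys.keys = map builtins.readFile pubKeys;

    # "wheel" grants sudo; together with the SSH keys above this account is
    # effectively remote root.
    extraGroups = [
      "wheel"
    ];
  };

  environment.persistence."/persist" = {
    directories = [
      "/home/${username}"
    ];
  };

  sops.secrets = {
    "passwords/${username}" = {
      sopsFile = secretsFile;
      # Must be decrypted before user accounts are created so that
      # hashedPasswordFile can point at it.
      neededForUsers = true;
    };
    # NOTE(review): sops-nix may create a missing ~/.ssh parent directory as
    # root; confirm its ownership and mode (0700, owned by the user) on the host.
    "ssh_keys/${username}/id_ed25519" = {
      path = "/home/${username}/.ssh/id_ed25519";
      mode = "0600";
      owner = username;
    };
    "ssh_keys/${username}/id_ed25519.pub" = {
      path = "/home/${username}/.ssh/id_ed25519.pub";
      mode = "0644";
      owner = username;
    };
    "github-access-token" = {
      # Was mode "0655" with no owner: readable (and marked executable) by
      # every local account. A token is a credential, so restrict it to the
      # account that uses it; root can still read it.
      # NOTE(review): if a service running as another user consumes this
      # token, give it access through `group` and mode "0440" instead of
      # reopening it to everyone.
      owner = username;
      mode = "0400";
    };
  };

  programs.zsh.enable = true;
  # Lets non-root users pass allow_other to FUSE mounts.
  # NOTE(review): presumably needed for home-manager bind mounts under
  # /persist - confirm, since it widens who can see user-mounted filesystems.
  programs.fuse.userAllowOther = true;

  home-manager = {
    extraSpecialArgs = {inherit inputs;};
    users = {
      # The per-host home configuration is selected by networking.hostName.
      ${username} = import ../../../../home/${hostname}.nix;
    };
  };
}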